US11677716B2 - System of a distributed web application firewall cluster - Google Patents
System of a distributed web application firewall cluster Download PDFInfo
- Publication number
- US11677716B2 US11677716B2 US16/653,319 US201916653319A US11677716B2 US 11677716 B2 US11677716 B2 US 11677716B2 US 201916653319 A US201916653319 A US 201916653319A US 11677716 B2 US11677716 B2 US 11677716B2
- Authority
- US
- United States
- Prior art keywords
- waf
- cluster
- computer
- configuring
- protected applications
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Definitions
- the present invention relates to the management of information handling systems. More specifically, embodiments of the invention provide a system, method, and computer-readable medium for improved management of web application firewall clusters.
- a system, method, and computer-readable medium are disclosed for management of a distributed web application firewall (WAF) cluster that supports one or more protected applications.
- WAF distributed web application firewall
- a WAF cluster infrastructure is configured for the protected applications.
- the WAF cluster includes one or more WAFs that are used to route traffic directed to the protected applications.
- the WAF cluster infrastructure is validated as to be current and updated. The validated WAF cluster infrastructure is then used as routing service.
- FIG. 1 is a general illustration of components of an information handling system
- FIG. 2 is a simplified block diagram of a system for distributed web application firewall (WAF) clusters
- FIG. 3 is a simplified block diagram of a web application firewall (WAF) route service system
- FIG. 4 is a general flowchart for web application firewall (WAF) cluster provisioning
- FIG. 5 is a general flowchart for container orchestration tool management
- FIG. 6 is a general flowchart for management of a web application firewall (WAF) as a route service.
- WAF web application firewall
- an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, classify, process, transmit, receive, retrieve, originate, switch, store, display, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, or other purposes.
- an information handling system may be a personal computer, a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price.
- the information handling system may include random access memory (RAM), one or more processing resources such as a central processing unit (CPU) or hardware or software control logic, ROM, and/or other types of nonvolatile memory.
- Additional components of the information handling system may include one or more disk drives, one or more network ports for communicating with external devices as well as various input and output (I/O) devices, such as a microphone, keyboard, a video display, a mouse, etc.
- the information handling system may also include one or more buses operable to transmit communications between the various hardware components.
- FIG. 1 is a generalized illustration of an information handling system 100 that can be used to implement the system and method of the present invention.
- the information handling system 100 includes a processor (e.g., central processor unit or “CPU”) 102 , input/output (I/O) devices 104 , such as a microphone, a keyboard, a video/display, a mouse, and associated controllers (e.g., K/V/M), a hard drive or disk storage 106 , and various other subsystems 108 .
- the information handling system 100 also includes network port 110 operable to connect to a network 140 , which is likewise accessible by a service provider server 142 .
- the information handling system 100 likewise includes system memory 112 , which is interconnected to the foregoing via one or more buses 114 .
- System memory 112 further comprises operating system (OS) 116 and in various embodiments may also include a WAF route service implementation system 118 .
- OS operating system
- WAF route service implementation system 118 WAF route service implementation system
- the WAF route service implementation system 118 provides for implementation of management of WAF clusters, that includes providing for WAF self-service, automated upgrades, scalability, and self-healing.
- the WAF route service implementation system 118 can be integrated into software deployment platform, such as Pivotal Cloud Foundry (PCF), and a container orchestration tool, such as Kubernetes.
- PCF Pivotal Cloud Foundry
- Kubernetes a container orchestration tool
- multiple WAF clusters can be implemented, where each WAF cluster can be tailored to particular applications, instead of a universal “do it all” WAF cluster.
- the loyalty coin miner 118 is provided as a service from the service provider server 142 .
- FIG. 2 is a simplified block diagram of a system 200 for distributed WAF clusters.
- a WAF is a software implemented virtual firewall that can be configured, managed, and deployed in a WAF cluster via the container orchestration tool (e.g., Kubernetes), where the WAF acts as a route service.
- the WAF directs HTTP/HTTPS traffic (e.g., requests) as to an application(s).
- a WAF can be tailored to protect a specific type of application or applications.
- deploying a WAF/WAF cluster closer to an application and configuring a tailored ruleset for the WAF/WAF cluster can lead to lower latency and false positives as compared to traditional WAF implementations, such as in front of an entire business infrastructure.
- the system 200 includes requesters 202 who request access to applications, such as applications related to website access, downloadable applications, etc.
- the requesters can have specific/unique identifiable internet protocol or IP addresses.
- Requestors 202 can provide their requests to devices 204 .
- the devices can send the requests in the form of HTTP/HTTPS traffic to network/Internet 140 .
- devices 204 refers to an information handling system such as a personal computer, a laptop computer, a tablet computer, a personal digital assistant (PDA), a smart phone, a mobile telephone, or other device that is capable of communicating and processing data.
- devices 204 are representative of an environment that includes various computing devices (e.g., servers), storage, software solutions, hardware (e.g., accessories), etc.
- the network 140 may be a public network, such as the Internet, a physical private network, a wireless network, a virtual private network (VPN), or any combination thereof.
- VPN virtual private network
- the requests or HTTP/HTTPS traffic from devices 204 are sent to a software deployment platform 206 .
- the software deployment platform 206 can be implemented as Pivotal Cloud Foundry (PCF).
- the software deployment platform 206 includes protected applications 208 , a cloud controller 210 and a go router 212 .
- the go router 212 receives the requests or HTTP/HTTPS traffic.
- the system 200 can include a container orchestration tool 214 .
- the container orchestration tool 214 can be implemented as Kubernetes.
- the container orchestration tool 214 can include one or more WAF clusters as represented by WAF cluster 216 .
- Each WAF cluster 216 can include one or more WAFs, as represented by “WAF 1 ” 218 - 1 to “WAF N” 218 -N.
- the container orchestration tool 214 can include WAF operators 220 , which can be implemented to perform actions on the WAF cluster 216 and “WAF 1 ” 218 - 1 to “WAF N” 218 -N.
- An application program interface or API 222 can be included in the container orchestration tool 214 and configured to receive and pass on actions to the WAF cluster 216 and “WAF 1 ” 218 - 1 to “WAF N” 218 -N.
- Users 224 can be administrators of the protected applications 208 and/or their related websites. Users 224 can be site managers, developers, etc. or any entity with an interest in/responsibility for protected applications 208 . In certain instances, users 224 are PCF users. Users 224 can configure the WAF cluster 216 and/or “WAF 1 ” 218 - 1 to “WAF N” 218 -N for the protected applications 208 . Users 224 are connected through network/Internet 140 through user system 226 , where user system 226 is representative of information handling systems that can various computing devices (e.g., servers), storage, software solutions, hardware (e.g., accessories), etc.
- computing devices e.g., servers
- storage software solutions
- hardware e.g., accessories
- the system 200 can also include security administrator 228 .
- the security administrator 228 is an administrator or managers that may monitors for suspicious or dangerous IP addresses, which can be traced to particular requestors 202 .
- the security administrator 228 can identify or flag such IP addresses and create or update a ruleset or configuration for WAF cluster 216 and/or “WAF 1 ” 218 - 1 to “WAF N” 218 -N.
- the ruleset or configuration can be global or specific to a WAF cluster 216 and/or WAF(s) 218 .
- Such suspicious or dangerous IP addresses i.e., requesters 202
- Security administrator 228 is connected through network/Internet 140 through security administrator system 230 , where security administrator system 230 is representative of information handling systems that can include various computing devices (e.g., servers), storage, software solutions, hardware (e.g., accessories), etc.
- the system 200 can further include a logging system 232 .
- the logging system 232 can include logging repositories, such as searchable WAF logs.
- the information handling systems 100 and the WAF routing service implementation system 118 are connected through network/Internet 140 .
- the go router 212 sees a route service to a WAF (i.e., WAF cluster 216 and/or “WAF 1 ” 218 - 1 to “WAF N” 218 -N) and sends the requests or HTTP/HTTPS traffic 236 to WAF cluster 216 (i.e., “WAF 1 ” 218 - 1 to “WAF N” 218 -N).
- WAF cluster 216 checks the requests or HTTP/HTTPS traffic 236 , and if valid (i.e., safe), sends the requests or HTTP/HTTPS traffic 238 back to the go router 212 .
- the go router 212 recognizes that the requests or HTTP/HTTPS traffic has gone to and been verified by the WAF cluster 216 and allows access to the protected applications 208 .
- the go router 212 provides or sends a hash/code to the protected applications 208 to allow the requests or HTTP/HTTPS traffic.
- WAF management user interface 302 allows users 224 , once they have a provisioned WAF cluster(s) 216 and/or WAF(s) 218 to view requests or HTTP/HTTPS traffic 236 and update configurations.
- the security administrator 228 can also administrative settings through the management user interface 302 .
- Various Settings can be added/deleted/updated via the WAF management user interface 302 , including IP address blocking.
- WAF management user interface 302 can be connected to a WAF log service 304 for updating to the logging system 232 .
- the logging system 232 can be configured to log various log times and include logging repositories, such as searchable repositories of WAF logs.
- WAF cluster(s) 216 can have a logging stream that can be picked up by a logging system 232 .
- Example of a logging stream includes “Azure Log Analytics”, ELK stack, etc. Queries from the WAF management user interface 302 to the logging system 232 can provide in depth knowledge to the traffic going through the WAF cluster(s) 216 and/or WAF(s) 218 .
- WAF management user interface 302 can connect and provide alerts to a WAF alerting service 306 .
- the alerts can be from security administrator 228 .
- the WAF alerting service 306 can be used when a protected application is getting attached.
- WAF alerting service 306 or an API that is part of WAF alerting service 306 can create code/data that is pushed to a message queue/database 308 to allow a backend 310 to read and understand the alerts.
- the backend 310 through the API 222 of FIG. 2 provide the alert to WAF operators 220 of FIG. 2 .
- WAF operators 220 can take appropriate actions as to the WAF cluster(s) 216 and/or WAF(s) 218 .
- the WAF management user interface 302 can be an intermediate message storage, and in certain implementations store WAF related information/data.
- WAF configuration services 312 can allow for configuring or updating of WAF cluster(s) 216 and/or WAF(s) 218 , as to tailored suite of WAFs for users 224 of FIG. 2 . In certain instances, auto updating is performed as to WAF cluster(s) 216 of particular users 224 .
- the WAF configuration services 312 is an API. Messages as to configuration updates from the WAF management user interface 302 is sent to WAF configuration services 312 , which are forwarded to the message queue/database 308 . The messages are in sent to backend 310 and are forwarded API 222 and WAF operators 220 .
- the WAF configuration services 312 is connected to a WAF cluster configuration store 314 .
- the WAF cluster configuration store 314 can be implemented to store different WAF Cluster configurations.
- the WAF route service system 118 can include a WAF “honey pot” service component 318 which can be implemented to list potentially dangerous/malicious IP addresses as identified by a community, such as a community of Internet users.
- the WAF “honey pot” service component 318 may or may not be implemented by users 224 .
- FIG. 4 is a generalized flowchart 400 for web application firewall (WAF) cluster provisioning.
- WAF web application firewall
- the order in which the method is described is not intended to be construed as a limitation, and any number of the described method blocks may be combined in any order to implement the method, or alternate method. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein. Furthermore, the method may be implemented in any suitable hardware, software, firmware, or a combination thereof, without departing from the scope of the invention.
- the process 400 starts.
- selection is made to provision, bind, update, and/or delete a WAF infrastructure from a brokered service directed to an application(s). Selection can be made regarding variables directed to a WAF cluster size, etc.
- user 224 provides selection through a user interface of the software development platform 206 (e.g., PCF).
- a request is received as to WAF infrastructure.
- the service broker 320 receives the request from cloud controller 210 and validates the selected/chosen settings.
- the validated request for WAF cluster infrastructure is sent. In certain implementations, the validated request is sent to message queue/database 308 .
- the process 500 starts.
- a request is received for a WAF cluster.
- the WAF cluster can be for custom defined resources.
- the request is discovered, and reconciliation is performed.
- WAF operator(s) 220 discovers the requests and reconciles desired state from actual state.
- the reconciliation can include “pods,” configuration maps, certificates, settings, etc.
- WAF cluster configurations are pulled and WAF update configurations are pushed. In certain implementations, if the actual and desired WAF cluster configurations are different, WAF operator(s) 220 can reconcile accordingly.
- WAF cluster configurations are pulled and WAF update configurations are pushed.
- WAF operator(s) 220 can reconcile accordingly.
- the WAF cluster can be used as a route service.
- the process 500 ends.
- FIG. 6 is a generalized flowchart 600 for management of a web application firewall (WAF) as a route service.
- WAF web application firewall
- the WAF determines where requests for access to an application are sent or if the requests can be sent to an application.
- the order in which the method is described is not intended to be construed as a limitation, and any number of the described method blocks may be combined in any order to implement the method, or alternate method. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein.
- the method may be implemented in any suitable hardware, software, firmware, or a combination thereof, without departing from the scope of the invention.
- the process 600 starts.
- requests for or access to a protected application are received.
- the requests are received by the go router 212 .
- the requests can come as HTTP/HTTPS traffic.
- the protected application are bound to a route service, where the route service can be a WAF.
- the requests or HTTP/HTTPS traffic is forwarded to a WAF cluster (WAF) before the requests or HTTP/HTTPS traffic is sent to the protected application.
- WAF cluster WAF
- the WAF cluster checks rules at the WAF against the original request parameters which may have been saved as headers.
- the present invention may be embodied as a method, system, or computer program product. Accordingly, embodiments of the invention may be implemented entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in an embodiment combining software and hardware. These various embodiments may all generally be referred to herein as a “circuit,” “module,” or “system.” Furthermore, the present invention may take the form of a computer program product on a computer-usable storage medium having computer-usable program code embodied in the medium.
- the computer-usable or computer-readable medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, or a magnetic storage device.
- a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
- Computer program code for carrying out operations of the present invention may be written in an object-oriented programming language such as Java, Smalltalk, C++ or the like. However, the computer program code for carrying out operations of the present invention may also be written in conventional procedural programming languages, such as the “C” programming language or similar programming languages.
- the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
- the remote computer may be connected to the user's computer through a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
- LAN local area network
- WAN wide area network
- Internet Service Provider for example, AT&T, MCI, Sprint, EarthLink, MSN, GTE, etc.
- Embodiments of the invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks.
- the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/653,319 US11677716B2 (en) | 2019-10-15 | 2019-10-15 | System of a distributed web application firewall cluster |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/653,319 US11677716B2 (en) | 2019-10-15 | 2019-10-15 | System of a distributed web application firewall cluster |
Publications (2)
Publication Number | Publication Date |
---|---|
US20210112032A1 US20210112032A1 (en) | 2021-04-15 |
US11677716B2 true US11677716B2 (en) | 2023-06-13 |
Family
ID=75383930
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/653,319 Active 2040-08-03 US11677716B2 (en) | 2019-10-15 | 2019-10-15 | System of a distributed web application firewall cluster |
Country Status (1)
Country | Link |
---|---|
US (1) | US11677716B2 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11689530B2 (en) * | 2019-11-13 | 2023-06-27 | Palantir Technologies Inc. | Systems and methods for managing custom code in a data computing platform |
US11765190B2 (en) * | 2021-01-27 | 2023-09-19 | Blackberry Limited | Method for creating a zero trust segmented network perimeter for an endpoint or identity |
CN114422234A (en) * | 2022-01-17 | 2022-04-29 | 北京金山云网络技术有限公司 | WAF rule loading method and device, electronic equipment and storage medium |
GB2618654A (en) * | 2022-03-31 | 2023-11-15 | Sophos Ltd | Hybrid web application firewall |
CN116192533B (en) * | 2023-04-24 | 2023-07-21 | 远江盛邦(北京)网络安全科技股份有限公司 | WAF deployment system, WAF deployment method, WAF deployment equipment and WAF deployment medium |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100199345A1 (en) * | 2009-02-04 | 2010-08-05 | Breach Security, Inc. | Method and System for Providing Remote Protection of Web Servers |
US20150264011A1 (en) * | 2014-03-17 | 2015-09-17 | Fortinet, Inc. | Security information and event management |
US20160164837A1 (en) * | 2014-12-04 | 2016-06-09 | Yu Wu | Customizable web application firewall for software as a service platform |
US20160359809A1 (en) * | 2014-12-22 | 2016-12-08 | Verizon Digital Media Services Inc. | Real-Time Reconfigurable Web Application Firewall For a Distributed Platform |
US20170180322A1 (en) * | 2015-12-22 | 2017-06-22 | Sap Se | Generating wireless application firewall specific validation rule |
US10063519B1 (en) * | 2017-03-28 | 2018-08-28 | Verisign, Inc. | Automatically optimizing web application firewall rule sets |
US20190028504A1 (en) * | 2017-07-18 | 2019-01-24 | Imperva, Inc. | Insider threat detection utilizing user group data object access analysis |
US20190222558A1 (en) * | 2018-01-15 | 2019-07-18 | Akamai Technologies, Inc. | Symbolic execution for web application firewall performance |
US20190364072A1 (en) * | 2018-05-22 | 2019-11-28 | Appviewx Inc. | System for monitoring and managing firewall devices and firewall management platforms |
US20200036615A1 (en) * | 2018-07-27 | 2020-01-30 | Centurylink Intellectual Property Llc | Method and System for Implementing High Availability (HA) Web Application Firewall (WAF) Functionality |
-
2019
- 2019-10-15 US US16/653,319 patent/US11677716B2/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100199345A1 (en) * | 2009-02-04 | 2010-08-05 | Breach Security, Inc. | Method and System for Providing Remote Protection of Web Servers |
US20150264011A1 (en) * | 2014-03-17 | 2015-09-17 | Fortinet, Inc. | Security information and event management |
US20160164837A1 (en) * | 2014-12-04 | 2016-06-09 | Yu Wu | Customizable web application firewall for software as a service platform |
US20160359809A1 (en) * | 2014-12-22 | 2016-12-08 | Verizon Digital Media Services Inc. | Real-Time Reconfigurable Web Application Firewall For a Distributed Platform |
US20170180322A1 (en) * | 2015-12-22 | 2017-06-22 | Sap Se | Generating wireless application firewall specific validation rule |
US10063519B1 (en) * | 2017-03-28 | 2018-08-28 | Verisign, Inc. | Automatically optimizing web application firewall rule sets |
US20190028504A1 (en) * | 2017-07-18 | 2019-01-24 | Imperva, Inc. | Insider threat detection utilizing user group data object access analysis |
US20190222558A1 (en) * | 2018-01-15 | 2019-07-18 | Akamai Technologies, Inc. | Symbolic execution for web application firewall performance |
US20190364072A1 (en) * | 2018-05-22 | 2019-11-28 | Appviewx Inc. | System for monitoring and managing firewall devices and firewall management platforms |
US20200036615A1 (en) * | 2018-07-27 | 2020-01-30 | Centurylink Intellectual Property Llc | Method and System for Implementing High Availability (HA) Web Application Firewall (WAF) Functionality |
Non-Patent Citations (8)
Title |
---|
"Block Attacks from Specific IP Addresses in AWS WAF" Published Jun. 25, 2019 (12 pages) https://www.wafcharm.com/en/blog/block-attacks-from-specific-ip-addresses-in-aws-waf/ (Year: 2019). * |
AskF5: "K10978895: Blocking malicious traffic using the IP Intelligence feature in BIG-IP AFM" Published Aug. 7, 2019 (4 pages) https://support.f5.com/csp/article/K10978895 (Year: 2019). * |
F5, Advanced Application Threats Require an Advanced WAF, white paper, 2018. |
Fastly Help Guides; "Using the IP block list" Published Nov. 6, 2018 (3 pages) https://docs.fastly.com/en/guides/using-the-ip-block-list (Year: 2018). * |
Huawei Web Application Firewall User Guide. Published Aug. 20, 2018 (pp. 1-93) https://developer-res-cbc-cn.obs.cn-north-1.myhuaweicloud.com/upload/files/pdf/20171206/20171206173915_2406.pdf (Year: 2018). * |
nginx.com, What is NGINX Plus?, downloaded Oct. 15, 2019. |
Palo Alto Networks, Global Cybersecurity Leader, downloaded Oct. 15, 2019. |
signalsciences.com, Next Generation Web Application Firewall (WAF), Complete Cloud-Native Web Application Security, 2019. |
Also Published As
Publication number | Publication date |
---|---|
US20210112032A1 (en) | 2021-04-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11677716B2 (en) | System of a distributed web application firewall cluster | |
US11290493B2 (en) | Template-driven intent-based security | |
US11310284B2 (en) | Validation of cloud security policies | |
US11138030B2 (en) | Executing code referenced from a microservice registry | |
US9560081B1 (en) | Data network microsegmentation | |
US9621592B2 (en) | System and method for software defined deployment of security appliances using policy templates | |
US9088571B2 (en) | Priority assignments for policy attachments | |
US11522905B2 (en) | Malicious virtual machine detection | |
US10762193B2 (en) | Dynamically generating and injecting trusted root certificates | |
JP2023530817A (en) | Preventing Unauthorized Package Deployment in Clusters | |
US10708230B2 (en) | Systems and methods for firewall configuration using block lists | |
US11729221B1 (en) | Reconfigurations for network devices | |
US10637829B2 (en) | Passport-controlled firewall | |
US20190199751A1 (en) | Shadow IT Discovery Using Traffic Signatures | |
US10785056B1 (en) | Sharing a subnet of a logically isolated network between client accounts of a provider network | |
US10237303B2 (en) | Prevalence-based reputations | |
US20230101973A1 (en) | Protecting instances of resources of a container orchestration platform from unintentional deletion | |
US11297065B2 (en) | Technology for computing resource liaison | |
US20190104110A1 (en) | Method and system for controlling transmission of data packets in a network | |
US20240061960A1 (en) | Remote management over security layer | |
US11119750B2 (en) | Decentralized offline program updating | |
AU2017257184B2 (en) | Configuration data as code | |
CN113419878A (en) | Data operation method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: DELL PRODUCTS L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DIROSA, FRANK;HERRERO, RENE;FREDERIKSEN, POUL C.;AND OTHERS;SIGNING DATES FROM 20190925 TO 20190930;REEL/FRAME:050720/0711 |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT, TEXAS Free format text: PATENT SECURITY AGREEMENT (NOTES);ASSIGNORS:DELL PRODUCTS L.P.;EMC IP HOLDING COMPANY LLC;WYSE TECHNOLOGY L.L.C.;AND OTHERS;REEL/FRAME:051302/0528 Effective date: 20191212 |
|
AS | Assignment |
Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, NORTH CAROLINA Free format text: SECURITY AGREEMENT;ASSIGNORS:DELL PRODUCTS L.P.;EMC IP HOLDING COMPANY LLC;WYSE TECHNOLOGY L.L.C.;AND OTHERS;REEL/FRAME:051449/0728 Effective date: 20191230 |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., TEXAS Free format text: SECURITY AGREEMENT;ASSIGNORS:CREDANT TECHNOLOGIES INC.;DELL INTERNATIONAL L.L.C.;DELL MARKETING L.P.;AND OTHERS;REEL/FRAME:053546/0001 Effective date: 20200409 |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS COLLATERAL AGENT, TEXAS Free format text: SECURITY INTEREST;ASSIGNORS:DELL PRODUCTS L.P.;EMC CORPORATION;EMC IP HOLDING COMPANY LLC;REEL/FRAME:053311/0169 Effective date: 20200603 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
AS | Assignment |
Owner name: EMC CORPORATION, MASSACHUSETTS Free format text: RELEASE OF SECURITY INTEREST AT REEL 051449 FRAME 0728;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058002/0010 Effective date: 20211101 Owner name: SECUREWORKS CORP., DELAWARE Free format text: RELEASE OF SECURITY INTEREST AT REEL 051449 FRAME 0728;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058002/0010 Effective date: 20211101 Owner name: WYSE TECHNOLOGY L.L.C., CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST AT REEL 051449 FRAME 0728;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058002/0010 Effective date: 20211101 Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE OF SECURITY INTEREST AT REEL 051449 FRAME 0728;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058002/0010 Effective date: 20211101 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST AT REEL 051449 FRAME 0728;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:058002/0010 Effective date: 20211101 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
AS | Assignment |
Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (053311/0169);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:060438/0742 Effective date: 20220329 Owner name: EMC CORPORATION, MASSACHUSETTS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (053311/0169);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:060438/0742 Effective date: 20220329 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (053311/0169);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:060438/0742 Effective date: 20220329 Owner name: SECUREWORKS CORP., DELAWARE Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (051302/0528);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:060438/0593 Effective date: 20220329 Owner name: DELL MARKETING CORPORATION (SUCCESSOR-IN-INTEREST TO WYSE TECHNOLOGY L.L.C.), TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (051302/0528);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:060438/0593 Effective date: 20220329 Owner name: EMC IP HOLDING COMPANY LLC, TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (051302/0528);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:060438/0593 Effective date: 20220329 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (051302/0528);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT;REEL/FRAME:060438/0593 Effective date: 20220329 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: ADVISORY ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |